
		<?php 
			$username = $_SESSION["user"];
			$fname = $lname = $email = $major = $school = $advisor = $acm_id = $sig = $title = $keywords = $link = $filename = $textSubmission = '';
			$fnameErr = $lnameErr = $emailErr = $majorErr = $schoolErr = $advisorErr  = $acm_idErr = $sigErr = $titleErr = $keywordsErr = $linkErr = $fileErr = $submissionErr = '';
			/*
				This code block is accessed whenever a form has been submitted. 
				It checks that required fields are complete and also checks the format with preg_match. 
				Special characters are removed using the clean_field function. 
			*/
			if ($_SERVER["REQUEST_METHOD"] == "POST")
			{
				$arrCheck = 0;

				//Check all of the fields and fill variables. 

				if (empty ($_POST["fname"])) {
					$fnameErr = "Please enter your first name."; 
				}
				else {
					$fname = clean_field ($_POST["fname"]);
					if (!preg_match("/^[a-zA-Z ]*$/", $fname)) {
						$fnameErr = "Names can only include letters and white space.";
					}
				}
				if (empty ($_POST["lname"])) {
					$lnameErr = "Please enter your last name.";
				}
				else {
					$lname = clean_field ($_POST["lname"]);
					if (!preg_match("/^[a-zA-Z ]*$/", $lname)) {
						$lnameErr = "Names can only include letters and white space.";
					}
				}
				
				if (empty ($_POST["email"])) {
					$emailErr = "Please enter your email address.";
				}
				else {
					$email = clean_field ($_POST["email"]);
					if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) {
						$emailErr = "Invalid email format. (ex: example@email.com)";
					}
				}
				
				if (empty ($_POST["major"])) {
					$majorErr = "Please enter your Field of Study.";
				}
				else {
					$major = clean_field ($_POST["major"]);
					if (!preg_match("/^[a-zA-Z ]*$/", $major)) {
						$majorErr = "Names can only include letters and white space.";
					}
				}

				if (empty ($_POST["school"])) {
					$schoolErr = "Please enter the name of your school.";
				}
				else {
					$school = clean_field ($_POST["school"]);
					if (!preg_match("/^[a-zA-Z ]*$/", $school)) {
						$schoolErr = "School names can only include letters and white space.";
					}
				}
				
				if (!empty ($_POST["advisor"])) {
					$advisor = clean_field ($_POST["advisor"]);
					if (!preg_match("/^[.a-zA-Z ]*$/", $advisor)) {
						$advisorErr = "Advisor names can only include letters, whitespace, and \".\"";
					}
				}
				
				if (!empty ($_POST["acm_id"])) {
					$acm_id = clean_field ($_POST["acm_id"]);
					if (!preg_match("/^[0-9]+$/", $acm_id)) {
						$acm_idErr = "Your ACM ID must contain only numbers.";
					}
				}
				
				if (!isset ($_POST["sig"])) {
					$sigErr = "This field is required.";
				}
				else {
					if ($_POST["sig"] == "1")
						$sig = 1;
					else
						$sig = 0;
				}
				
				if (empty ($_POST["title"])) {
					$titleErr = "Please enter the title of your paper.";
				}
				else {
					$title = clean_field ($_POST["title"]);
					if (!preg_match("/^[a-zA-Z ]*$/", $title)) {
						$titleErr = "Titles can only include letters and whitespace.";
					}
				}
				
				if (!empty ($_POST["keywords"])) {
					$keywords = clean_field ($_POST["keywords"]);
					if (!preg_match("/^[,a-zA-Z ]*$/", $keywords)) {
						$keywordsErr = "Keywords must be separated by commas.";
					}
				}
				
				if (!empty ($_POST["link"])) {
					$link = $_POST["link"];
					if (!preg_match("/^(https?:\/\/)?([\da-z\.-]+)\.([a-z\.]{2,6})([\/\w \.-]*)*\/?$/ ", $link)) {
						$linkErr = "Please enter a valid URL.";
					}
					else {
						if (!(substr( $link, 0, 4 ) === "http")) {
							$link = "http://" . $link;
						}
					}
				}
				
				if (!empty ($_POST["comment"])) {
					$textSubmission = clean_field ($_POST["comment"]);
				}

				if(isset($_FILES["upload"]) && ($_FILES["upload"]["size"] != 0)) {
					$file_name = $_FILES['upload']['name'];	
					$tmpName = $_FILES['upload']['tmp_name'];
	                $file_size = intval($_FILES['upload']['size']);
	                $file_type = $_FILES['upload']['type'];
	                echo $file_size;
	                echo $file_type;

	                if ($file_type != "application/pdf") {
	                	$fileErr = "Error: Uploaded file must be of type .pdf";
	                }
	                else if ($file_size > 1000000) {
	                	$fileErr = "Uploaded file is " . $file_size . "KB, which exceeds size limit 1 MB. ";
	                }
	                else if ($fileErr == "") {
	                	$fileErr = $_FILES['upload']['error'];
	                }

	                if ($fileErr == '0')
	                	$fileErr = "";
				}
				
				if ((!isset($_FILES["upload"]) || ($_FILES["upload"]["size"] == 0)))
					$submissionErr = "You must upload a PDF of your dissertation.";

				$errArray = array($fnameErr, $lnameErr, $emailErr, $majorErr, $schoolErr, $advisorErr, $acm_idErr, $sigErr, $titleErr, $keywordsErr, $linkErr, $fileErr, $submissionErr);
				
				//Checking to see if there are any errors in the form submission.
				foreach ($errArray as $key => $value) {
					if (!empty($value))
						$arrCheck = 1;
				}
				// //If there are no errors...
				if ($arrCheck == 0) {
					//Connect to the database.
					$con = mysqli_connect ("db.cse.unt.edu", 'acmrepo', 'B8cpU6GBx9qJJmN8', 'acmrepo');

					if (mysqli_connect_errno()) {
					  echo "Failed to connect to MySQL: " . mysqli_connect_error();
					}
					
					//Uploads the pdf file. 
					if(isset($_FILES["upload"]) && ($_FILES["upload"]["size"] != 0)) {
						$fp = fopen($tmpName, 'r');
						$content = fread($fp, filesize($tmpName));
						$content = addslashes($content);
						fclose($fp);
						
						if (!get_magic_quotes_gpc()) {
							$file_name = addslashes($file_name);
						}
						
						$query = "INSERT INTO files (file_name, file_type, file_size, file_contents) values ('$file_name', '$file_type', '$file_size', '$content')";
						if(mysqli_query($con, $query))
							$insertID = mysqli_insert_id($con);
					}
						
					// Query for inserting all form data into the author table
					mysqli_query ($con, "insert into author(username, first_name, last_name, email, dept_name, univ_name, advisor, acm_id, sig_bio)
						values('$username', '$fname', '$lname', '$email', '$major', '$school', '$advisor', '$acm_id', '$sig')");
						
					// Query for inserting all form data into the abstract table.
					// This includes the text submission of the abstract if there is one. 
					if (isset($insertID))
						$query = "insert into abstract(title, username, email, link, keywords, uploadedAbstractID, abstract_text, semester_of_defense) values('$title', '$username', '$email', '$link', '$keywords', '$insertID', '$textSubmission', '')";
					else
						$query = "insert into abstract(title, username, email, link, keywords, abstract_text, semester_of_defense) values('$title', '$username', '$email', '$link', '$keywords', '$textSubmission', '')";
					mysqli_query ($con, $query);
					$abstractID = mysqli_insert_id($con);	

					mysqli_close($con);
					
					//Redirect to the submission success page after the form is successfully submitted. 
					header("Location: submit_success.php?ID=" . $abstractID);
				}
		}
	
	//This function removes special characters from user input.
	function clean_field ($data)
	{
		$data = trim($data);
		$data = stripslashes($data);
		$data = htmlspecialchars($data);
		return $data;
	}


	?>
